By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Stack can't be deleted from CloudFormation, because dependent Network interface can't be deleted, I can't understand the rootcause.

0

Hello! After deleting my stack from CloudFormation I receive error, that it can't be deleted.

Rootcause is undeletable Network interface. When I try to delete it manually, I see message: "The network interface can't be deleted The selected network interface can't be deleted."

When I try to detach it, I see next error: "Failed to detach the network interface. API error: "You do not have permission to access the specified resource.""

But I has right to do this. Even after explicit rule creation to delete exactly this resource, I get the same error. Moreover, there are no other connected resourses to this Network interface.

*Update: After some retries of deleting full stack, stack by itself and VPC were managed to be deleted, but Network interface is still presented.

If someone knows how to delete it?

Topics
Networking & Content DeliveryCompute
Tags
Amazon VPCAmazon EC2
Language
English
Slava
asked a month ago50 views
1 Answer
0
Accepted Answer

This is a common issue when dealing with network interfaces (ENIs) in AWS, especially those created by AWS services. The problem you're experiencing is likely due to the ENI being owned or managed by an AWS service, rather than being directly controlled by your account.

In many cases, these ENIs are associated with resources like NAT Gateways, Load Balancers, VPC Endpoints, or even services like ECS (Elastic Container Service). Even after the parent resource or service is deleted, the ENI can sometimes remain in a "stuck" state.

Here are some steps you can try to resolve this issue:

  1. Wait for some time: Sometimes, it can take up to 24-48 hours for all resources to be fully released and deleted by AWS backend processes.

  2. Check for any remaining resources: Ensure that all related resources like EC2 instances, load balancers, NAT gateways, or VPC endpoints have been completely removed.

  3. Verify IAM permissions: Although you mentioned having the right permissions, double-check that your IAM user or role has the necessary permissions to delete network interfaces.

  4. Identify the owning service: Try to determine which AWS service created the ENI. This information is often available in the ENI's description field in the AWS console.

  5. Delete the parent resource: If you can identify the parent resource or service, try deleting it again, which should trigger the deletion of the associated ENI.

If none of these steps work, your best option is to contact AWS Support. Even without a paid support plan, you can open a case under the "Account and Billing" category for free. Explain the situation, provide the ENI ID, and mention that you've already deleted the associated resources but the ENI remains stuck. AWS support should be able to manually release the orphaned ENI for you.

In some rare cases, the issue might be related to an IAM role being deleted before AWS could delete the ENI. If this is the case, recreating the necessary IAM role temporarily might allow AWS to complete the ENI deletion process.

Remember, it's important not to force-delete resources like VPCs or subnets while there are still ENIs attached, as this can lead to further complications. Focus on resolving the ENI issue first, and then the other resources should be deletable.
Sources
Unable to delete network interface | AWS re:Post
Issues deleting VPC | AWS re:Post
I can't delete my ENI because it's currently in use and is of type "interface" (poiting to ECS which is already deleted) | AWS re:Post

profile picture
re:Post Agent
answered a month ago
profile picture
EXPERT
Riku_Kobayashi
reviewed a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content